Privacy matters.

Effective Date: 10/15/2025
Last Updated: 10/15/2025

Welcome to Ortu (“Ortu”, “we”, “us”, “our”). We are committed to protecting the privacy and security of our users, clients, website visitors, and others who interact with us (“you”, “your”). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data, how you can exercise your privacy rights, and our responsibilities under laws around the world.

By accessing or using our website (ortudata.com) or otherwise providing us with your personal information, you agree to the terms of this policy.

1. Who We Are & Scope

  • Company Identity: Ortu is a bespoke Data Management & Data Governance education company. We provide customized training (virtual or in‑person) for businesses as well as focusing on K12 education. We are a women‑owned small business based in Washington State, USA, with staff also located in California and internationally. (ORTU)

  • Geographic Scope: This policy applies to information collected anywhere in the world from:

    1. Visitors to our website,

    2. Clients or prospective clients,

    3. People using our educational services,

    4. Others who interact with us offline or via third parties.

  • Jurisdictions Covered: We aim to comply with major privacy laws such as GDPR (EU/EEA + UK), CCPA (California), PIPEDA (Canada), LGPD (Brazil), and other similar laws. If local law requires more protection than this Policy provides, we will abide by the stricter rules.

2. Information We Collect

We collect two types of information: Personal Information (or “personal data”) and Non‑Personal / Aggregate Data.

a. Personal Information You Provide

We collect information you voluntarily give us when you engage with us. Examples include:

  • Contact details: name, email address, phone number, mailing address.

  • Company / organization name, job title.

  • Payment or billing information (if purchasing services).

  • Information you submit via forms (e.g. inquiries, feedback, training registration).

b. Information Automatically Collected

When you use our website, we may automatically collect information such as:

  • IP address, device type, operating system, browser type.

  • Pages visited, time spent, referrer website.

  • Usage data, analytics, log files.

  • Cookies, web beacons, tracking technologies.

c. Third‑party Sources

We may also receive information about you from third parties, such as:

  • Analytics providers (e.g. Google Analytics).

  • Payment processors.

  • Partners, if you use or interact through third‑party services that integrate with ours.

3. How We Use Your Information

We use information for the following purposes:

  • To provide, maintain, and improve our website, services, and training programs.

  • To communicate with you (such as responding to inquiries, sending service announcements, newsletters or marketing, where permitted).

  • To process payments, fulfill your orders or requests.

  • To personalize your experience.

  • To monitor usage and detect and prevent fraud, misuse, security incidents.

  • To comply with legal obligations (e.g. tax, accounting, regulatory).

  • For internal business operations (e.g. auditing, data analysis, research, planning).

4. Legal Bases for Processing (Where Applicable)

Where required by law (particularly under the GDPR and similar laws), the legal grounds we rely on include:

  • Consent – where you have given consent (for example, for marketing communications, cookies beyond strictly necessary).

  • Contractual necessity – where processing is necessary to perform a contract with you.

  • Legitimate interests – for internal business operations, security, fraud prevention, etc., balanced against your rights.

  • Legal obligations – where required by law.

5. Cookies & Tracking Technologies

  • We use cookies and similar tracking technologies to collect data on website usage, for analytics, to manage sessions, for performance, and optionally for marketing.

  • You can set your browser to refuse cookies or to alert you when cookies are being sent. However, disabling certain cookies may limit your ability to use some features of the website.

  • For users in jurisdictions that require it (e.g. EU), we may ask consent for non‑essential cookies.

6. Data Sharing & Disclosure

We do not sell your personal information to third parties. We may share data in the following circumstances:

  • Service Providers / Vendors: To companies that help us with website hosting, payment processing, analytics, email delivery, content translation, etc. These vendors are contractually bound to protect your data and use it only as needed for their services.

  • Business Partners: When you opt in or when necessary to deliver a service (e.g. third‑party tools used in training).

  • Legal Obligations: If required by law, regulation, court order, or governmental authority.

  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, you will be notified as required by law.

7. International Data Transfers

  • Because we operate globally, your data may be transferred to, stored, or processed in countries other than where you live. This may include the United States, Canada, and other countries.

  • We implement appropriate safeguards when transferring data internationally, such as standard contractual clauses, ensuring that service providers meet adequate security and privacy standards.

8. Data Retention

  • We retain personal data only as long as needed for the purposes described above (providing services, customer support, legal obligations).

  • Once the data is no longer needed, we will delete it or anonymize it.

  • In some cases, laws or regulations (e.g. tax, accounting, liability) require we keep records longer; in those cases, we retain only what is necessary.

9. Your Rights

Depending on your location, you may have the following rights:

  • Right to access the personal data we hold about you.

  • Right to correct or update inaccurate or incomplete data.

  • Right to delete (erasure) your personal data where legally permitted.

  • Right to restrict processing.

  • Right to object to processing (especially for direct marketing, profiling, or where legitimate interest is used).

  • Right to data portability – receive your data in a machine‑readable format or have it transmitted to another service, where applicable.

  • Right to withdraw consent at any time, where consent is our legal basis.

To exercise any of these rights, please contact us at the contact details below. For certain requests, we may need proof of identity.

Also, if you are in the European Economic Area (EEA), the UK, or other places with supervisory authorities, you have the right to lodge a complaint with your local data protection authority.

10. Security

  • We take reasonable organisational, technical, and administrative measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction.

  • This includes encryption, access controls, secure server infrastructure, regular security assessments.

  • However, no internet transmission or electronic storage is completely secure; we cannot guarantee absolute security.

11.  Children’s Privacy

11.1. Target Audience

We provide content and services that may be directed at or accessible to children under the age of 16, including children under the age of 13. We are committed to protecting the privacy rights of minors and complying with applicable laws, including the General Data Protection Regulation (GDPR) and, where applicable, the U.S. Children’s Online Privacy Protection Act (COPPA).

11.2. Age of Digital Consent

Under the GDPR, individuals under the age of 16 are considered children for data protection purposes. Some EU Member States may set a lower age (not below 13). We comply with the age limits applicable in each user's jurisdiction.

Where we collect and process personal data from children under the age of digital consent in their country, we obtain verifiable parental or guardian consent before any such data is collected or processed.

11.3. What Data We Collect from Children

With appropriate parental consent, we may collect the following types of personal data from children:

  • First name or nickname

  • Age or date of birth (to confirm eligibility)

  • Email address (if necessary for account creation or communication)

  • Country or region (for age-consent validation and compliance)

  • Learning progress or usage data (if part of our services)

  • IP address and device data (via cookies, with consent)

We do not request or permit children to submit sensitive data such as full addresses, payment information, phone numbers, or social media profiles.

11.4. How We Use Children’s Data

We process children's data only with consent from a parent or guardian, and for limited, specific purposes such as:

  • Accessing age-appropriate educational content

  • Participating in learning activities, quizzes, or events

  • Monitoring learning progress (if applicable)

  • Internal analytics to improve child-focused features

  • Providing support or responding to inquiries

  • Legal compliance and age-verification

We do not use children’s data for profiling, targeted advertising, or automated decision-making.

11.5. Parental Rights and Control

Parents or guardians have the right to:

  • Review the personal data we have collected from their child

  • Withdraw consent and request deletion of their child’s data at any time

  • Refuse further collection or processing of their child’s data

  • Request correction or restriction of their child’s data

To exercise these rights, please contact us at:
📧 Email: hello@ortudata.com
📬 Mailing Address: 6728 77th St Ct NW, Gig Harbor, WA 98335, USA

We may require identity verification before taking action on such requests.

11.6. Data Storage and Security for Children’s Data

We apply heightened safeguards when storing and processing children’s data, including:

  • Encryption and access controls

  • Limiting access to trained staff or processors

  • Regular audits and reviews of data protection procedures

  • Data minimization and anonymization where possible

Children’s personal data is retained only as long as necessary for the purposes described, or as required by law. After this period, data is securely deleted or anonymized.

11.7. Data Processors and Transfers

We may use third-party service providers (data processors) to assist in delivering child-oriented features. These providers are contractually required to:

  • Comply with applicable data protection laws (including GDPR and COPPA)

  • Process data only under our instructions

  • Implement appropriate technical and organizational safeguards

  • Not use data for their own purposes

If children’s data is transferred outside the EEA/UK (e.g. to the U.S.), we ensure that adequate safeguards are in place, such as Standard Contractual Clauses or other mechanisms approved under GDPR.

11.8. Contact for Privacy Inquiries Related to Children

If you are a parent, guardian, or legal representative and have concerns about your child's data privacy or use of our services, please contact our Data Protection Officer (if appointed) or our general contact point:

OrtuData
📧 Email: Hello@ortudata.com
📬 Address: 6728 77th St Ct NW, Gig Harbor, WA 98335, USA
🌐 Website: ortudata.com

11.9. Updates to This Children's Privacy Notice

We may update this section of our Privacy Policy from time to time in response to legal changes or updates to our services. If material changes are made regarding how we collect or process children's data, we will notify parents or guardians as required by law and request renewed consent if necessary.

 

12. Marketing / Promotional Communications

  • If you consent, we may send you marketing or promotional materials.

  • You may opt out of receiving marketing messages at any time (via unsubscribe links or contacting us).

  • Even if you opt out, we may still send you non‑promotional communications (e.g. service notices, updates related to your account, legal obligations).

13. Third‑Party Links & Embedded Content

  • Our website may include links to other websites, tools, or services operated by third parties, as well as embedded elements (e.g. videos, social media feeds).

  • We are not responsible for their privacy practices. We encourage you to read their policies.

  • If third parties collect data through our site, we will endeavour to disclose this clearly (e.g. via cookies, embedded content warnings).

14. Changes to This Privacy Policy

  • We may update this Privacy Policy from time to time. When we do, we will change the “Last Updated” date.

  • If changes are material, we will provide notice (for example, via email to registered users, or via a prominent banner on the site).

  • We encourage you to review this policy periodically to be aware of any updates.

15. Contact Us

If you have questions, concerns, or wish to exercise your rights regarding your personal information, please contact us:

OrtuData
Email: hello@ortudata.com (ORTU)
Mailing Address: 6728 77th St Ct NW, Gig Harbor, WA 98335, USA
Phone: (360)798-3061

16. Specific Disclosures Required by Key Jurisdictions

Below are some additional disclosures to ensure compliance in certain jurisdictions. Adapt as necessary.

Jurisdiction Disclosure / Requirement How OrtuData Complies / Will Comply EU / EEA / UK (GDPR) Right for data subject to request data access, correction, deletion, portability; obligation to appoint Data Protection Officer in certain cases; lawful basis for processing; clear consent for cookies We provide the rights above; consent mechanisms; opting out; ensuring service providers meet GDPR requirements; maintaining records of consent. California (CCPA/CPRA) Right to know which categories of personal data collected, purpose of use; right to delete; right to opt out of sale of personal data; non‑discrimination for exercising rights We do not sell personal data; maintain disclosures; provide opt‑outs; process requests. Brazil (LGPD) Similar rights as GDPR; requirement for legal basis; data transfer stipulations We apply legal bases; notify of transfers; ensure proper contracts in place. Other Regions Local privacy laws may impose additional or stricter requirements (e.g. Australia, Canada, etc.) We aim to comply with all applicable laws and adapt practices (cookies, data subject rights) depending on local requirements.

Thank you for trusting OrtuData. We take your privacy seriously and strive to protect your data and provide you with transparency, control, and accountability.